September 19, 2023
In this Episode:
Marcel Brown: September 19th, 2006. Microsoft began testing its new video sharing service, Soapbox, which they hoped would compete with YouTube. Clearly, it did not compete very well because, personally, I had never heard of Soapbox, and probably neither did you.
Edwin Kwan: As part of a coordinated national action plan, the Australian Government will release a revised Cybersecurity Strategy later this year around six cyber shields.
Mark Miller: MGM Resorts and Caesar’s aren’t bragging about their losses right now. According to numerous reports, a major hack against the casinos was started with a social engineering scheme against an outsourced IT support vendor on September 11. Now that this type of hack has been proven to work, it’s only a matter of time before the next set of casino attacks roll a big fat 7 against the house.
Katy Craig: The International Criminal Court, or ICC, is stepping into the digital age and setting its sights on cybercrimes that breach international law. In a world where the battlefield is as likely to be a server farm as a desert, the ICC is saying enough is enough.
Hillary Coover: Is TikTok’s office attendance tracking a glimpse into the future of workplace surveillance? TikTok, owned by Chinese company ByteDance, unveiled an internal app called MyRTO.
The Stories Behind the Cybersecurity Headlines
Australia to Create Six Cyber Shields as part of Cyber Strategy
This is Edwin Kwan from Sydney. Australia.
It’s been almost a year since the Optus breach, which at the time was the largest cybersecurity incident in Australian history. As part of the government’s plan to make Australia the most cyber-secure nation by 2030, they will be creating a strategy to build six cyber shields around Australia. Each of those shields will be designed to layer stronger protections around Australian businesses, organizations, and citizens.
1) The first shield is for stronger citizens and businesses, focusing on awareness so that they can better protect themselves and recover better from cyber events.
2) The second shield is safe technology, where they want digital products to be safe for use before they hit the shelves. This is done by having clear global standards for digital safety.
3) The third shoe is world-class threat intelligence exchange and blocking before they cause significant harm.
4) The fourth shield is focused on building reliable critical infrastructure, uplifting the cyber defense posture of services that Australians rely on, such as water, energy, and healthcare.
5) The fifth shield is sovereign capabilities, where Australians have a world-leading cyber workforce that supports brilliant innovators to compete globally and win.
6) Lastly is to have a resilient nation or region where Australia works in partnership with our neighbors so that we can deal with global cyber threats.
More details on the shields will be provided when the strategy is released later this year. Execution of the strategy will be broken into several horizons, the first running through to 2025.
Cyber Adversaries Place their Bets Against the House
I’m not a gambler, and I don’t enjoy the casinos in Vegas when I go to conferences, but it never ceases to amaze me when I watch people I thought I knew walk off at the end of the last session of the day, plant their butt on a blackjack stool all night, and the next morning brag about how much they lost. I don’t get it. I don’t understand the allure.
If you’ve been following the news, you know that MGM Resorts and Caesar’s aren’t bragging about their losses right now. According to numerous reports, a major hack against the casinos was started with a social engineering scheme against an outsourced IT support vendor on September 11. This allowed the attackers to access the system through compromised accounts.
‘Scattered Spider ‘ was identified as the most likely group behind the attacks, which are causing losses of between $4 million and $8 million per day at MGM Resorts. The breach potentially exposed the social security number and driver’s license number of Caesar’s customers. The company has reported to have paid a $15 million ransom to the group.
There is the potential that Scattered Spider is working with ALPHV, the ransomware-as-a-service group, which indicates this might be the first of more attacks to come. Original attacks in the past were against the machines within the casinos. With ransomware now in play, these bets are off the table.
The follow up to this series of events is that casinos, which were once thought to be one of the most secure systems in the world, are now being perceived as various attack surfaces for adversaries. Now that this type of hack has been proven to work, it’s only a matter of time before the next set of casino attacks roll a big fat 7 against the house.
– Las Vegas Review Journal: https://www.reviewjournal.com/business/casinos-gaming/analyst-mgm-losing-4-2m-8-4m-a-day-because-of-cyberattack-2906379/
– HT Tech: https://tech.hindustantimes.com/tech/news/cyber-attack-how-hackers-boke-into-mgm-resorts-71694888352353.html
– Bloomberg News: https://www.bloomberg.com/news/articles/2023-09-14/group-behind-casino-hacks-skilled-at-duping-workers-for-access
– Wikipedia: https://en.wikipedia.org/wiki/Scattered_Spider
Cyber War Crimes
This is Katy Craig in San Diego, California.
Karim Khan, the top dog at the ICC, recently made waves by saying that cyber warfare isn’t just a tech issue- it’s a human rights issue. He argues that existing international laws are good enough to bring cyber criminals to justice. No need for specialized cyber laws; the Rome Statute has got it covered. For those who skipped international law, the Rome Statute is the ICC’s foundational treaty that tackles war crimes, genocide, and crimes against humanity.
Cyber warfare can be as disruptive as physical warfare. It can facilitate war crimes and even genocide. Imagine a cyber attack shutting down a hospital’s power grid. That’s not just a tech problem; that’s a life and death situation. The International Committee of the Red Cross agrees, saying cyber attacks should only target military objectives, not civilian infrastructure.
Karim Khan is clear. The digital realm can cause real-world suffering. His office plans to collect and review evidence of unlawful cyber activities by nation states. The ICC has officially announced it will pursue prosecutions in cases that contravene the Rome Statute. What that means for ongoing cyber attacks, like Russia’s actions in Ukraine, is still up in the air.
In a world where the battlefield is as likely to be a server farm as a desert, the ICC is saying enough is enough. Cyberwarfare is now in the crosshairs of international justice.
This is Katy Craig. Stay safe out there.
TikTok Tracks US Employees
Is TikTok’s office attendance tracking a glimpse into the future of workplace surveillance?
Hi, this is Hilary Coover in Washington, DC.
TikTok employees in the United States have expressed frustration and concern due to the company’s recent introduction of a tracking tool for office attendance and the associated threat of disciplinary action for noncompliance with new in-person work requirements.
In an unusual move to encourage employees to return to the office, TikTok, owned by Chinese company ByteDance, unveiled an internal app called MyRTO. This app, integrated into the company’s software, keeps tabs on badge swipes and asks employees to provide explanations for any deviations from their in-office schedule. The collected data is accessible to employees, supervisors, and human resource personnel.
Starting in October, TikTok mandated that many of its approximately 7,000 U. S. employees work in the office three days a week, with some teams expected to be present five days. Employees have been warned that consistent disregard for these requirements could lead to disciplinary measures and affect their performance reviews.
This approach has surprised and unsettled TikTok employees due to the strict messaging and the intrusive nature of the MyRTO dashboard, which serves as a constant reminder of the company’s monitoring of their daily office attendance. Some employees have voiced the opinion that the app and threats of punishment are unnecessary, leading to heightened anxiety among colleagues about potential consequences for noncompliance.
According to a spokesperson for TikTok, the purpose of the tool was to establish clear expectations for in-office attendance and enhance transparency in communication between employees and leaders. But MyRTO has gone too far.
This Day, September 19, in Tech History
September 19, 1982. In a posting made to a Carnegie Mellon bulletin board, Professor Scott Fahlman proposes the first known use of emoticons, also known as smilicons or smileys. While the use of emoticons became widespread during the 80s and 90s, their origin remained unknown until September 10, 2002, when the original message was retrieved from backup tape.
The original message is posted on my website, ThisDayInTechHistory. com, if you want to take a look.
Side note, personally, I may have been the first to use a smilicon in printed form when I put one in my high school yearbook with my senior quote under my picture. Edwardsville High School Class of 1992!
September 19th, 1996. In the same day, Apple released their system 7. 5. 5 Macintosh operating system, and not to be outdone, Microsoft released Windows NT Service Pack 5.
September 19th, 2005. Microsoft acquired a company called Alarcus, a relatively unknown developer of Identity and Access Management Applications. However, Microsoft adopted its primary software product as Active Directory.
September 19th, 2006. Microsoft began testing its new video sharing service, Soapbox, which they hoped would compete with YouTube. Clearly, it did not compete very well because, personally, I had never heard of Soapbox, and probably neither did you.
That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory. com.